Ransomware attack: Some ATMs remained shut across India to escape attack

Who's being targeted for blame?

In what one of the most significant cyberattacks ever recorded, computer systems from the U.K.to Russia, Brazil and the USA were hit beginning Friday by malicious software that exploited a vulnerability in Microsoft's Windows operating system.

"NSA should be embarrassed - they've had a lot of damaging leaks", said James Lewis, a former US official who is now a cyber expert at the Center for Strategic and International Studies.

But Scott Vernick, a data security lawyer at Fox Rothschild that represents companies, said he was sceptical that WannaCry would produce a flood of consumer lawsuits. In this case, the attackers are demanding roughly $300 Dollars.

Duggal further said that India needs to look at more global cooperation in the context of to detection, investigation and prosecution of these ransomware base attacks.

Here are some of the key players in the attack and what may — or may not — be their fault.

This reality was once again in the forefront over the weekend, as a massive ransomware virus known as WannaCry spread across the globe and captured headlines.

"Technology companies owe their customers a reliable process for patching security vulnerabilities", he said. While the attack that emerged Friday, hitting companies and governments around the world, ebbed in intensity Monday, experts warned that new versions of the virus could emerge.

Brad Smith, Microsoft's top lawyer, criticized US intelligence agencies for "stockpiling" software code that can be used by hackers. But some sort of agreement by governments to not stockpile vulnerabilities that can be exploited by bad guys is needed.

Avivah Litan, a cybersecurity analyst at Gartner, agreed that the government is "is negligent not doing a better job protecting companies", but added that it's not like "you can stop the US government from developing cybertools" that then work as intended. If one gets the SMS OTP on the same device used to access email, there is no added protection. The exploits are built to take advantage of software flaws.

Smith's blog post did not address another factor in the ransomware's spread, one that hints at the difficulty of uniting against a hacking attack: Users of pirated Microsoft software are unable to download the security patch, forcing them to fend for themselves or rely on a third-party source for a solution.

The hacker group claims that it still has 75 percent of the the US' cyber arsenal, and could release tools that exploit browser, router and phone vulnerabilities, as well as compromised network data from Russia, China, Iran and North Korea. "Yet, when a serious vulnerability is discovered in software, many companies respond slowly or say it's not their problem". He noted, however, the complexity that can be involved in patching a security hole. In some cases, it was individuals and also few private firms. Backups often are also out of date and missing critical information.

"It's not rocket science", Litan said. Reports suggest that over two lakh systems globally could have been infected by the malicious software that blocks access to a system until a sum of money is paid.Earlier in the day, central transmission utility Power Grid said it has put sufficient firewalls to deal with the global cyberattack and consumers need not fear sudden outages.